Talk at CactusCon 2026 on a security audit of MCP servers and their OAuth implementations. Covers prompt injection via tool descriptions, DNS rebinding on local servers, token mismanagement, and real-world CVEs including RCE via OAuth metadata and ServiceNow privilege escalation. The core thesis: 90% of the vulnerabilities are old security problems, but AI agents magnify their impact by automating tool execution across trust boundaries.
Sample code: cactus-con-2026 on GitHub